View Full Version : la connessione sparisce
ciroshare
05-05-2005, 10:30
Ciao a tutti ho questo problema. Quando navigo con internet explorer utilizzando la mia connessione alice adsl flat ogni tanto cade la linea, ma la cosa ancor piu' sconvolgente e' che mi sparisce anche la connessione, non riesco piu' a ritrovarla nemmeno in accesso remoto. C'e' qualcuno che puo' aiutarmi?
ciroshare
05-05-2005, 10:36
Logfile of HijackThis v1.99.1
Scan saved at 11.33.52, on 05/05/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAMMI\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAMMI\GETRIGHT\GETRIGHT.EXE
C:\PROGRAMMI\GETRIGHT\GETRIGHT.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAMMI\LAVASOFT\AD-AWARE 6\AD-WATCH.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\SVCHOST.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox PowerDesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\RunServices: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - Startup: EPSON Controllo in background.lnk = C:\ESM2\STMS.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: getright.exe.lnk = C:\Programmi\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
halduemilauno
05-05-2005, 10:46
Logfile of HijackThis v1.99.1
Scan saved at 11.33.52, on 05/05/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAMMI\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAMMI\GETRIGHT\GETRIGHT.EXE
C:\PROGRAMMI\GETRIGHT\GETRIGHT.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAMMI\LAVASOFT\AD-AWARE 6\AD-WATCH.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\SVCHOST.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox PowerDesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\RunServices: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - Startup: EPSON Controllo in background.lnk = C:\ESM2\STMS.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: getright.exe.lnk = C:\Programmi\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\SVCHOST.DLL
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\RunServices: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
e butta tutti i 015
ciao.
;)
ciroshare
05-05-2005, 10:54
scusami ma sono un po' duro e non riesco a capire cosa fare. Potresti spiegarti meglio.
Ciao e grazie
ciroshare
05-05-2005, 10:59
scusami ma ho usato spybot e ora il file di hijack e' cambiato in questo:
Logfile of HijackThis v1.99.1
Scan saved at 11.54.50, on 05/05/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAMMI\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAMMI\GETRIGHT\GETRIGHT.EXE
C:\PROGRAMMI\GETRIGHT\GETRIGHT.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\SVCHOST.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox PowerDesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\RunServices: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - Startup: EPSON Controllo in background.lnk = C:\ESM2\STMS.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: getright.exe.lnk = C:\Programmi\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
halduemilauno
05-05-2005, 11:08
scusami ma sono un po' duro e non riesco a capire cosa fare. Potresti spiegarti meglio.
Ciao e grazie
cosa c'è che non capisci? butta le voci 015. e le altre. scusa hai usato spybot e non ti ha fatto eliminare quelle voci?
;)
ciroshare
05-05-2005, 11:12
non capisco come eliminarle e forse dopo l'uso di spybot sono state ricreate. Un'ultima cosa ma non devo eliminare altro dopo aver eliminato quelle voci?
Ciao e scusa per la mia ignoranza.
halduemilauno
05-05-2005, 11:25
non capisco come eliminarle e forse dopo l'uso di spybot sono state ricreate. Un'ultima cosa ma non devo eliminare altro dopo aver eliminato quelle voci?
Ciao e scusa per la mia ignoranza.
c'è il comando fix. no significa che spybot non le ha proprio viste. intanto aggiorna il programma e metti un'altro anti spyware come giant e spysweeper.
fai una scansione con loro aggiornatissimi.
ciao.
;)
ciroshare
05-05-2005, 11:38
Ciao ho eliminato le voci che mi hai detto e ho fatto il reboot. Mi sono accorto pero' che alcune entrate eliminate nelle chiavi di registro sono state ricreate infatti il file di log di hijackthis ora e' questo:
Logfile of HijackThis v1.99.1
Scan saved at 12.33.11, on 05/05/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAMMI\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAMMI\GETRIGHT\GETRIGHT.EXE
C:\PROGRAMMI\GETRIGHT\GETRIGHT.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox PowerDesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - Startup: EPSON Controllo in background.lnk = C:\ESM2\STMS.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: getright.exe.lnk = C:\Programmi\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
Forse c'e' qualcos'altro che devo eliminare dal mio sistema.
halduemilauno
05-05-2005, 11:50
Ciao ho eliminato le voci che mi hai detto e ho fatto il reboot. Mi sono accorto pero' che alcune entrate eliminate nelle chiavi di registro sono state ricreate infatti il file di log di hijackthis ora e' questo:
Logfile of HijackThis v1.99.1
Scan saved at 12.33.11, on 05/05/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAMMI\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAMMI\GETRIGHT\GETRIGHT.EXE
C:\PROGRAMMI\GETRIGHT\GETRIGHT.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox PowerDesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - Startup: EPSON Controllo in background.lnk = C:\ESM2\STMS.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: getright.exe.lnk = C:\Programmi\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
Forse c'e' qualcos'altro che devo eliminare dal mio sistema.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted IP range: 213.159.117.202
ok ora elimini questi. prima disattiva il ripristino conf. di sistema.
ciao.
;)
ciroshare
05-05-2005, 11:53
prima disattiva il ripristino conf. di sistema
cosa significa?
halduemilauno
05-05-2005, 11:59
cosa significa?
come non detto hai win 98. alla prima occasione metti xp.
ciao.
;)
ciroshare
05-05-2005, 12:01
quindi non c'e' speranza di non far ricreare quelle voci nel registro?
halduemilauno
05-05-2005, 12:06
quindi non c'e' speranza di non far ricreare quelle voci nel registro?
è certo che xp con sp2 è certamente meno immune del 98. ma ora elimina quelle voci e munisciti dei programmi citati e fai una bella scansione.
ciao.
;)
ciroshare
05-05-2005, 13:04
non esiste una versione gratuita di questo:
spysweeper
halduemilauno
05-05-2005, 13:32
non esiste una versione gratuita di questo:
spysweeper
dura 30 giorni. quindi scaricatelo lo aggiorni e usalo.
;)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted IP range: 213.159.117.202
ok ora elimini questi. prima disattiva il ripristino conf. di sistema.
ciao.
;)
oltre a queste c'è da eliminare:
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
NB: il nome del file è corretto, ma la posizione è sbagliata. Il vero file si deve trovare in C:\windows\system.
Prima di fare qualsiasi modifica prova a fare una search di scanregw.exe e controlla dove sono/è posizionati/o
cancella in modalità provvisoria :
tutta la directory C:\PROGRAM FILES\SURFSIDEKICK 2
e il file
C:\WINDOWS\scanregw.exe (se trovi l'altro in c:\windows\system)
ciao
ciroshare
05-05-2005, 14:12
ciao anche a te bluepix, con le modifiche indicatemi da halduemilauno le cose sono migliorate perche'pare che la connessione non sparisca piu', pero' non riesco ad eliminare le entry relative a surfsidekick neanche con spysweeper. Oltretutto non riesco a trovare la directory c:\program files\surfsidekick 2\ sembra non esistere. E perche' dovrei cancellarle in modalita' provvisoria...non so neanche come si fa.
Per quanto riguarda scanregw.exe ne trovo solo uno in c:\windows.
Cmq vi riposto il file di log che ottengo con hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 15.11.28, on 05/05/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAMMI\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAMMI\GETRIGHT\GETRIGHT.EXE
C:\PROGRAMMI\GETRIGHT\GETRIGHT.EXE
C:\PROGRAMMI\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\BITCOMET\BITCOMET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\LAVASOFT\AD-AWARE 6\AD-WATCH.EXE
C:\PROGRAMMI\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACRORD32.EXE
C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACRORD32.EXE
C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACRORD32.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox PowerDesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\RunServices: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\RunServices: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: EPSON Controllo in background.lnk = C:\ESM2\STMS.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: getright.exe.lnk = C:\Programmi\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
Scanregw.exe sembra OK
Purtroppo non ho più molta esperienza con W98 e non so se esiste la possibilita di visualizzare le cartelle e i file nascosti.
Prova con:
Visualizza-Opzioni Cartella - Visualizzazione e selezionare -in File Nascosti- Mostra tutti i file
ricontrolla dopo la modifica se trovi la cartella:
C:\PROGRAM FILES\SURFSIDEKICK 2
però non si riesce a trovare l'agente che le ricrea. (azzzzz)
Ricapitoliamo.
Da fixare (cioè lancciare Hijackthis, mettere il segno di spunta sulle voci sotto elencate e clikkare FIX)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\RunServices: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
ciao
ciroshare
05-05-2005, 16:34
i file nascosti ho gia' impostato che vengano visualizzati, ma la cartella proprio non esiste...ci sto impazzendo, pero' ho notato questo file...ti dice qualcosa WINDOWSwinHlp32.BMK.
io credo che l'agente che li crea sia una qualche libreria dinamica...pensi che sia utile fare una ricerca con *.dd
ciroshare
05-05-2005, 16:45
*.dll naturalmente
i file nascosti ho gia' impostato che vengano visualizzati, ma la cartella proprio non esiste...ci sto impazzendo, pero' ho notato questo file...ti dice qualcosa WINDOWSwinHlp32.BMK.
io credo che l'agente che li crea sia una qualche libreria dinamica...pensi che sia utile fare una ricerca con *.dd
sembra un driver per la scheda audio
http://members.driverguide.com/driver/detail.php?driverid=60008
http://members.driverguide.com/driver/detail.php?driverid=12186
se non hai queste schede audio..... beh è sospetto.
Cacchio! Tosto questo bastardo.
Forse è una variante di questo
http://sarc.com/avcenter/venc/data/adware.surfsidekick.html
che ha trasformato surfsidekick in surfsidekick 2
prova a darci un occhio
Ho trovato un'altra interessante pagina:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090721
ciroshare
05-05-2005, 20:42
Grazie ho guardato i link e ho fatto il search per tutte le varie librerie li' indicate e i vari file ma niente non riesco a trovarlo
ciroshare
06-05-2005, 12:49
Quote:
Originariamente inviato da ciroshare
i file nascosti ho gia' impostato che vengano visualizzati, ma la cartella proprio non esiste...ci sto impazzendo, pero' ho notato questo file...ti dice qualcosa WINDOWSwinHlp32.BMK.
io credo che l'agente che li crea sia una qualche libreria dinamica...pensi che sia utile fare una ricerca con *.dd
sembra un driver per la scheda audio
http://members.driverguide.com/driv...?driverid=60008
http://members.driverguide.com/driv...?driverid=12186
se non hai queste schede audio..... beh è sospetto.
Cacchio! Tosto questo bastardo.
Forse è una variante di questo
http://sarc.com/avcenter/venc/data/...rfsidekick.html
che ha trasformato surfsidekick in surfsidekick 2
prova a darci un occhio
Io ho una soundblaster 1024 live! e non mi sembra che i due link si riferiscano alla mia scheda audio che ne pensi?
Inoltre e' la posizione di questo file ad insospettirmi che si trova in c:\ e non sotto qualche cartella.
vBulletin® v3.6.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.